File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes SSL Cert Error - Mismatched Address Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "SSL Cert Error - Mismatched Address" Watch "SSL Cert Error - Mismatched Address" New topic

SSL Cert Error - Mismatched Address

Ed James

Joined: Feb 10, 2010
Posts: 7
Hi all,

I have just setup a new Tomcat installation and created a keystore, created a CSR, created the Cert (using our internal CA), imported the root cert into the keystore and then the site cert into the keystore (alias Looks like I've created everything correctly - no errors during any of these steps. However, when I load the site, I get "Certificate Error: Mismatched Address". I thought that I just needed to add a Host name entry into the server.xml conf file to include but I'm missing something. Can someone help me with this? What am I overlooking? As you can tell, I'm new to Tomcat :-)

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16537

If this is the message I think it is, the hostname on the SSL cert doesn't match the hostname that you're serving it from.

Customer surveys are for companies who didn't pay proper attention to begin with.
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

When you generate your cert request with the Java keytool it asks you a series of questions.
One of them is your first and last name (which is misleading).
What it really wants there is the domain name. If that doesn't match the domain of your server you will get this message.

For instance, if you were generating a key for your keytool session would look like:

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
I agree. Here's the link:
subject: SSL Cert Error - Mismatched Address